First you get a great idea. You hire a web site builder, or build it yourself, and create a new WordPress web site. You probably try to spend as little money on this as possible, because (1) you don’t have much money yet and (2) you don’t know whether this is worth investing in yet. So, you get a basic site. Nothing fancy. No real security or speed tweaking.

Then you start telling people about it. And you start making sales. Whether you are selling physical goods, downloadables, services, whatever – money starts to come in.

And it grows

The traffic to the site starts to grow (because one thing you DID do right was putting in Google Analytics, so you can see what is going on – right?). You are getting, say, one sale for every 20 or so visitors. This is a great conversion rate.

But after a while you see something start to happen. Sales are still good, and visitor numbers are growing hugely. But the visitor numbers to your site are increasing so much that your conversion rate is now more like one sale for every 100 visitors. And a lot of these visitors are coming from countries where you never make sales – places like China and Russia. Strange. And the site is getting slower, and sometimes doesn’t come up at all.

If you are lucky, your site will survive this phase without getting hacked. But around 75% of all WordPress sites don’t have even the most basic of security. These are the sites the hackers are looking for. Sites just like yours.

Hacked!

You think, “I don’t have any enemies – why would anyone want to hack my site?”

But you see, hackers are a strange group of people. They hack for three reasons. The first group hacks “because it is there”. They love to show off how many sites they have hacked.

The second group has a political agenda. They will hack your site so that it shows a screen promoting some cause they believe in. It usually has a link to the site they want to promote – and these links are good for their Google ranking.

These two groups make up the vast majority of hackers. They will do a quick check to see if your site is easily hackable, and if it isn’t they will move on to the next site. They are constantly visiting sites (not personally, they use computer programs called “bots”) to see if they are vulnerable. Sometimes they will attack as soon as they find something, but most of the time what the bot does is add a little bit of code to your site somewhere invisible (to you). Then, on a second pass, the “real” human hacker comes back and does the attack. This can be hours, days, or weeks later.

Who hates you?

The third group of hackers is quite different. But thankfully, they are very rare. These are the people who hate you. These are people who are specifically targeting YOUR business. It could be because they want to steal your customer data (for spamming, or so they can try to sell them competing products). They could add some code so that payments that should go to you, go to them instead. Or they could basically want to shut your web site down so that you look stupid and (hopefully) give up and go out of business.

What can be done?

Hold on. Hacking is not the only thing that can go wrong on a successful site.

Remember that I said there would be lots of bots coming to your web site? Every time a bot (or a person) visits your site, they start what is called a “process” on your hosting. There is usually a limit on the number of processes that can run simultaneously on your hosting. If you have gone for cheap shared hosting (you were trying to save money, remember?), once you reach that limit of simultaneous processes, anyone else that comes along either needs to wait (and wait, and wait) in a sort of a queue until there is room for them, or they basically get told no sorry, the web site is not available.

What this means is that your web site will get slow. Very, very slow. That’s if it comes up at all.

Another thing that can go wrong with a successful site is that there can be too much build-up of data on the site that is no longer needed. When someone visits your site there is a record added to a table in your database. The database basically stores all the information your site needs to work properly. And the larger it gets, the less efficiently it will work. It is sort of like trying to find something in that back room at your house. The more stuff you have in there, the longer it takes to find anything.

In addition, there can be redundancy in the data, and not just on the database. Maybe you have been taking backups of your site – that’s great! But are you also cleaning out those backups when they are no longer needed (or getting your automated backup software to do that for you)? If not, that is more crud that has to be sorted through every time the web site wants to do something. Or maybe there are plugins you installed that you no longer need, or themes, or images.

Speaking of images, these take up a lot of space on most web sites. Displaying images takes a lot of time in terms of computer processing. There are more efficient ways of storing the image data so that the images still show up perfectly, but don’t take as long to display. There are also tweaks that can be done to make some of the technical stuff like javascript and css and HTML work more efficiently.

OK, but what can be done?

Those of you that have been following this site for a while will be familiar with our WordPress Hack Prevention Checklist – how much of this have you done to safeguard your site from hackers? Following this checklist will secure your site from the group 1 and 2 hackers – the ones who are not specifically targeting YOU, and will move on if it is too hard.

But what if you don’t have the technical knowledge, or the time to do all this yourself? You can do what some people do, and hire a VA to do it all for you Yeah good luck with that. It is really hard to find one that actually can do all the stuff that is required, AND sticks around long-term to make sure the site stays running smoothly.

What you really need is a…

WordPress WebSite Manager

A WordPress WebSite Manager is someone who will first, do a full audit of your WordPress website and make recommendations on what is required to both secure and speed up the site. This must be done by someone who can actually carry out the work required – otherwise you will be stuck with finding someone technically competent to do it for you.

Then the WordPress WebSite Manager will take a full backup of the site (and store it on YOUR Dropbox or whatever you use for cloud storage) – if the site stays up long enough to allow that.

Next the WordPress WebSite Manager will start working on stopping all those bots (apart from nice bots like Google of course) from getting to your web site. The WordPress WebSite Manager will then make sure that if a bot does get through, it is not able to inject any secret code that can later be used to exploit the site.

Not even the very best WordPress WebSite Manager will be able to stop a truly determined hacker that is targeting you personally. For that, you need two things – a good backup regime so you can always recover from such an attack, and a good law firm to take the bastards to court. But your WordPress WebSite Manager should be able to provide you with a ton of excellent evidence as to who it was that did the attack, when and how. The enemy won’t stand a chance.

Your WordPress WebSite Manager will also speed up the site, maybe using caching (if you don’t know what that is, go back and read the Speed Up My WordPress Site page). They will show you before and after reports from a site like GTmetrix to show you what has been achieved.

A really good WordPress WebSite Manager will also be able to suggest SEO tweaks – to help get more REAL traffic to your site. But of course this can only be done once the site is actually stable.

And the BEST WordPress WebSite Manager will also have a follow-up service to monitor your site to make sure it stays secure, and stays up.

Where do I find a WordPress WebSite Manager?

Here at Gecko Gully, we offer a WordPress WebSite Management solution. Get in touch and we will discuss your needs. Note that pricing starts at $1000 per site to fix existing problems, and $100 per month for ongoing monitoring.

But if your site is truly successful, and is earning you money, isn’t it worth that to keep it up, and running well?